ISO 27799-2008 Health informatics. Information security management in health using ISO/IEC 27002
Author: 标准资料网 Time: 2024-05-19 15:32:38 Views: 9020
Source: 标准资料网
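【English standard title】: Health informatics - Information security management in health using ISO/IEC 27002
【Original standard title】: Health informatics. Information security management in health using ISO/IEC 27002
【Standard number】: ISO 27799-2008
【Standard status】: Current
【Country】: International
【Publication date】: 2008-07
【Implementation or trial date】:
【Issuing body】: International Organization for Standardization (IX-ISO)
【Drafting body】: ISO/TC215
【Standard type】: ()
【Standard level】: ()
【Chinese subject terms】: Coded representation; Danger; Data processing; Data protection; Data security; Definitions; English language; Information interchange; Information technology; Medical sciences; Planning; Protection of information; Public health; Safety; Security management; Use
【English subject terms】: Coded representation; Danger; Data processing; Data protection; Data security; Definitions; English language; Information interchange; Information technology; Medical informatics; Medical sciences; Planning; Protection of information; Public health; Risk; Safety; Security management; Use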
【Abstract】:
1.1 General
This International Standard defines guidelines to support the interpretation and implementation in health informatics of ISO/IEC 27002 and is a companion to that standard 2). This International Standard specifies a set of detailed controls for managing health information security and provides health information security best practice guidelines. By implementing this International Standard, healthcare organizations and other custodians of health information will be able to ensure a minimum requisite level of security that is appropriate to their organization's circumstances and that will maintain the confidentiality, integrity and availability of personal health information.
This International Standard applies to health information in all its aspects, whatever form the information takes (words and numbers, sound recordings, drawings, video and medical images), whatever means are used to store it (printing or writing on paper or electronic storage) and whatever means are used to transmit it (by hand, via fax, over computer networks or by post), as the information must always be appropriately protected.
This International Standard and ISO/IEC 27002 taken together define what is required in terms of information security in healthcare; they do not define how these requirements are to be met. That is to say, to the fullest extent possible, this International Standard is technology-neutral. Neutrality with respect to implementing technologies is an important feature. Security technology is still undergoing rapid development and the pace of that change is now measured in months rather than years. By contrast, while subject to periodic review, standards are expected on the whole to remain valid for years. Just as importantly, technological neutrality leaves vendors and service providers free to suggest new or developing technologies that meet the necessary requirements that this International Standard describes.
As noted in the introduction, familiarity with ISO/IEC 27002 is indispensable for an understanding of this International Standard.
1.2 Scope exclusions
The following areas of information security are outside the scope of this International Standard:
a) methodologies and statistical tests for effective anonymization of personal health information;
b) methodologies for pseudonymization of personal health information (see bibliographic Reference [10] for an example of an ISO Technical Specification that deals specifically with this subject);
c) network quality of service and methods for measuring availability of networks used for health informatics;
d) data quality (as distinct from data integrity).
2) This guideline is consistent with the revised version of ISO/IEC 27002:2005.
【Chinese Standard Classification number】: C07
【International Classification for Standards number】: 35_240_80
【Pages】: 68P.; A4
【Language of text】: English